Information regarding the processing of personal data of visitors to the Facebook fanpage, including those joining the IdoBooking group set up

Information regarding the processing of personal data of visitors to the Facebook fanpage, including those joining the IdoBooking group set up
  1. The controller of the personal data is IdoBooking sp. z o. o. (also referred to as the "Operator") with its registered office at al. Piastów 30, 71-064 Szczecin, entered in the Register of Entrepreneurs kept by the District Court Szczecin-Centrum in Szczecin, XIII Commercial Division of the National Court Register under the number 00001118562 NIP: 8522710288; REGON: 529324888; with a share capital of PLN 200,000.00. IdoBooking may be contacted by e-mail: sales@idobooking.com and by phone: +48 91 443 66 00.

#The Data Protection Inspector at IdoBooking is Rafał Malujda, e-mail address: gdpr- inspector@idobooking.com.

  1. The processing of your personal data in the operation of the fanpage concerns:

data identifying your profile (usually including your name and surname);
your profile picture;
other images, in particular those related to the current activities of the Controller;
the content of your comments and the content of your conversations via Messenger.

  1. Your personal data is processed on the basis of Article 6(1)(a) of the GDPR, i.e. on the basis of your consent given with your entry to the fanpage, and may also be processed on the basis of consent given by you on a separate form.
  2. The purpose of the processing of your data is to operate the IdoBooking fanpage on the social network Facebook, under the terms and conditions set out by Meta Platforms Ireland Limited, and to inform you through it about the activities of IdoBooking Sp. z o.o. and for the purpose of communication through the available functionalities of Facebook (comments, chat, messages).
  3. Recipients of your personal data are in particular: a person representing the Controller, authorised employees of the Controller, entities to whom personal data must be made available on the basis of legal provisions, and those to whom data will be entrusted to fulfil the purposes of processing. The recipient of your data is also the owner of the social network Facebook (Meta Platforms Ireland Limited with its registered office in Dublin, Merrion Road, Dublin 4, D04 X2K5, Ireland) under the data rules available at (https://www.facebook.com/about/privacy).
  4. Your personal data for statistical and analytical purposes is co-managed by Meta Platforms Ireland Limited under its data policy, available at (https://www.facebook.com/about/privacy).

Meta Ireland transfers your data to Meta Platforms, Inc. based in the USA and it may be further transferred to other Meta Sub-processors.

  1. Meta Platforms, Inc. has certified its participation in the EU-US Data Protection Framework. Meta Ireland relies on the EU-US Data Protection Framework and the European Commission's decision finding an adequate level of data protection for European data transfers to Meta Platforms, Inc. in the US, in accordance with Meta's Data Protection Framework Statement. # Meta Ireland reserves the right to use alternative methods of transfer as set out in the GDPR and other data protection legislation applicable in the EEA and Switzerland, such as Standard Contractual Clauses for transfers between processors or an Adequacy Decision. Onward transfers of data to Meta's sub-processors are made in accordance with the requirements of the EU-US Data Protection Framework where applicable.
  2. Personal data collected through communication with you is only processed for the purpose of responding to you, if necessary.
  3. Your data that we hold in private messages is stored until you withdraw your consent to the processing of such data or until you delete your Facebook profile. In the case of information we hold as part of comments you have shared, this is available on our fan pages until the author deletes it.
  4. Your personal data collected by Facebook, i.e. history of posts, history of activity in the Messenger app, history of activity via the Instagram app, are subject to retention under the terms of Facebook's terms and conditions, available at: https://pl- pl.facebook.com/legal/terms.
  5. You have the right to request from the Controller access to your personal data, rectification, erasure or restriction of processing, as well as the right to data portability and the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.
  6. The right to data portability allows data subjects to have access to their personal data in a structured, commonly used and machine-readable format and to have it transferred to another controller without hindrance from the original controller. This right is available in situations where the legal basis for the processing is:

the consent of the data subject (Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR), or
the performance of a contract to which the data subject is party (Article 6(1)(b) GDPR). Data covered by the right to portability must be processed by technical means, e.g. in IT systems. This right does not apply to data processed in paper form. This right only covers personal data that the person has provided to the controller, such as data entered during account registration, data in online forms or data collected during the use of services (e.g. purchase history, user preferences). The data subject may request that the data be transferred directly to another controller if this is technically possible. The right to data portability does not affect the rights and freedoms of others - if the rights of others could be affected by the data portability, the controller may limit the scope of the portability. The right to data portability does not extend to situations where the processing is based on a legal ground other than consent or contract, e.g. a legal obligation of the controller or a task carried out in the public interest.

  1. You have the right to lodge a complaint to the supervisory authority, i.e. the President of the Office for Personal Data Protection, if you consider that the processing of your personal data by the Controller violates the provisions on personal data protection.
  2. Your personal data shall not be subject to profiling.
  3. Provision of data is voluntary, however, failure to provide such data may prevent you from using the Facebook social network or some of its functionalities, e.g. the possibility to view fanpages or leave comments.